2022年全国职业院校技能大赛-网络系统管理赛项设备配置

version EG_RGOS 11.9(4)B12P3, Release(08192723) hostname EG2 ! app-auth offline-detect ! app-auth cfg-opt id-mac app-auth cfg-opt syn-proxy app-auth cfg-opt tup-pass ! app-auth set-mode business ! app-auth local-auth subscriber mac-limit 0 ! app-auth wx-state direct ip session filter 0 flow-pre-mgr enable flow-pre-mgr protocol-enable ! flow-pre-mgr upload-pps-limit 0 ! flow-pre-mgr new-session-limit start-up limit 0 flow-pre-mgr new-session-limit virtual-host limit 0 flow-pre-mgr new-session-limit real-host limit 0 ! flow-pre-mgr total-limit 0 ! convert port 1 to lan convert port 2 to wan ! ip access-list standard 1 10 permit any ! ip access-list standard 10 10 permit 172.16.0.0 0.0.255.255 ! ip access-list extended 2397 10 deny ospf any any 20 deny 112 any any 30 deny icmp any any 40 deny udp any eq domain any 50 deny tcp any any eq www 60 deny tcp any any eq 443 1000 permit ip any any list-remark servctl service rlog off servctl service police_log off servctl service was off servctl service apm off sntp interval 7200 sntp server ntp.ntsc.ac.cn sntp server ntp1.aliyun.com sntp enable ip tcp keepalive ! time-range any periodic Daily 0:00 to 23:59 ! time-range day_time periodic Daily 6:00 to 18:00 ! time-range night_time periodic Weekdays 0:00 to 5:59 periodic Daily 18:01 to 23:59 ! time-range unwork_time periodic Weekdays 0:00 to 7:59 periodic Weekdays 12:00 to 13:00 periodic Weekdays 18:01 to 23:59 ! time-range weekend periodic Weekend 0:00 to 23:59 ! time-range work periodic Weekdays 9:00 to 17:00 ! time-range work_time periodic Weekdays 8:00 to 12:00 periodic Weekdays 13:00 to 18:00 ! time-range working_time periodic Weekdays 0:00 to 23:59 ! identify-application templete tpl-college identify-application enable ! identify-application custom-group ҳӦte app-add WEBӦapp-add BӦapp-add app-add HTTPapp-add HTTP app-add WEB app-add app-add ҳϸ app-add Ϸƽ app-add Ϸ app-add app-add Ѷ app-add app-add ԶЭapp-add app-add Ѷ_MOBILE app-add OBILE app-add WEB_MOBILE app-add OBILE ! identify-application custom-group te app-add ý app-add P2PӦ ! identify-application custom-group ƵӦte app-add HTTP app-add BILE ! identify-application custom-group ~route app-add HTTP app-add HTTP app-add app-add app-add ILE app-add OBILE ! identify-application custom-group ~route app-add app-add app-add Ϸ ! identify-application custom-group QQȨte app-add Ӣ app-add Ӣ ! identify-application key DNS identify-application key Ѷ identify-application key IPdentify-application key identify-application key ICMP-DETAIL identify-application key VPNӦdentify-application key identify-application key dentify-application key Ѷ_MOBILE identify-application web-group HTTPЭdentify-application web-group ҳϸ identify-application web-group HTTPS identify-application online-video-group HTTP identify-application online-video-group BILE identify-application p2p-video-group ý identify-application download-group HTTP identify-application download-group FTP identify-application download-group identify-application download-group TFTP identify-application download-group NNTP identify-application download-group IXIA identify-application download-group SVN identify-application download-group SMB identify-application download-group ILE identify-application download-group dentify-application download-group OBILE identify-application p2p-group P2PӦ identify-application p2p-group dentify-application update-group dentify-application upload-group HTTP identify-application inhibitive P identify-application inhibitive P identify-application inhibitive TCPdentify-application inhibitive UDPdentify-application inhibitive TCPdentify-application inhibitive UDidentify-application inhibitive Ϸ identify-application block S identify-application other dentify-application other dentify-application other identify-application other · identify-application other identify-application other ԶЭdentify-application other identify-application other OBILE identify-application other OBILE identify-application other OBILE identify-application other MOBILE identify-application other RFC identify-application other IP-RAW identify-application other IPЭ app-proxy expect enable no ssl-audit mode ! https-audit enable anti-pap set-node 0 url-filter-notice display ֹϵ url-audit exact-filter no url-rule apply-referer ! url-class un_audit_class comment unaudit ! url-class forbidClass url 15.1.1.2 ! url-object un_audit_object class class class un_audit_class ! url-object illegal class forbidClass class class class class class class ɫclass Υ ! content-policy _AUDIT_DEFAULT mail-rule audit-default-enable im-rule audit-default-enable web-bbs-rule audit-default-enable web-search-rule audit-default-enable web-mail-rule audit-default-enable url-rule audit-default-enable ! content-policy P2P app-rule 1 time-range work app-group P2PӦ action deny audit comment P2P-app-1665810674753 ! content-policy _TOP_PRIORITY url-rule 1000 url-object illegal time-range any action deny audit comment url-rule 997 url-object un_audit_object time-range any action permit comment ! content-policy-relate relate auth-subscriber any policy _TOP_PRIORITY content-policy-relate relate subscriber any policy _TOP_PRIORITY content-policy-relate relate subscriber any policy P2P content-policy-relate relate subscriber any policy _AUDIT_DEFAULT no register device ! no cwmp ! dev-audit enable service dhcp ! ip dhcp pool pool_Gi0/0 lease 0 0 1 network 192.168.1.0 255.255.255.0 192.168.1.17 192.168.1.254 dns-server 114.114.114.114 default-router 192.168.1.1 ! ip name-server 114.114.114.114 ! dns-proxy ! mail-service enable feedback frequency 60 flow-audit enable flow-audit intf-rt refresh 1 flow-audit intf-rt storage 10 max ! layer23 classify enable ! layer23 scc-attention enable ! network-group name "Out_Server" parent "/" ! line-quality enable ! no write-db enable ! sys-mode gateway ! specify interface GigabitEthernet 0/0 lan specify interface GigabitEthernet 0/1 lan specify interface GigabitEthernet 0/2 wan specify interface GigabitEthernet 0/5 wan specify interface GigabitEthernet 0/6 wan ! no nat-log enable no ip nat-log on password policy min-size 6 password policy strong no service password-encryption ! ip http port 80 ip http secure-port 4430 enable service web-server all enable service web-server http enable service web-server https no rnfp-ping-reply enable ! control-plane ef-rnfp enable security deny wan-web security deny wan-telnet-ssh anti-arp-spoof scan 20 attack threshold 500 ! control-plane protocol scpp list 2397 bw-rate 3600 bw-burst-rate 3600 no acpp ! control-plane manage port-filter arp-car 20 log scpp list 2397 bw-rate 3600 bw-burst-rate 3600 no acpp ! control-plane data no glean-car scpp list 2397 bw-rate 3600 bw-burst-rate 3600 no acpp ! logging filter rule exact-match module LOGIN mnemonic LOGIN_FAIL level 5 logging userinfo command-log logging buffered 65535 logging file usb0:syslog/syslog clock timezone UTC +8 0 ! vpdn limit_rate 15 ! web quick-set macc start-set webmaster username admin password 7 12201c1a1354704a73 ! flow-control Gi0/2 comment tpl-college ! channel-tree inbound no auto-pir enable ! channel-group root parent null cir 999999 pir 999999 pri 4 per-net per-pir 2000 limit 100 channel-group key parent root cir 80000 pir 100000 pri 3 per-net per-pir 5000 limit 100 channel-group default parent root pir 100000 pri 3 per-net per-pir 10000 limit 100 channel-group web parent root cir 50000 pir 50000 pri 4 per-net per-pir 500 limit 100